pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/comms/asterisk10 Update to Asterisk 10.0.1. This fixe...
details: https://anonhg.NetBSD.org/pkgsrc/rev/e41be4ed66cd
branches: trunk
changeset: 598184:e41be4ed66cd
user: jnemeth <jnemeth%pkgsrc.org@localhost>
date: Fri Jan 20 07:29:08 2012 +0000
description:
Update to Asterisk 10.0.1. This fixes AST-2012-001:
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified in the |
| | "Patches" section. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
diffstat:
comms/asterisk10/Makefile | 5 ++---
comms/asterisk10/distinfo | 26 +++++++++++++-------------
2 files changed, 15 insertions(+), 16 deletions(-)
diffs (50 lines):
diff -r c9cc369c7bcc -r e41be4ed66cd comms/asterisk10/Makefile
--- a/comms/asterisk10/Makefile Fri Jan 20 07:03:10 2012 +0000
+++ b/comms/asterisk10/Makefile Fri Jan 20 07:29:08 2012 +0000
@@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.2 2012/01/17 07:07:33 jnemeth Exp $
+# $NetBSD: Makefile,v 1.3 2012/01/20 07:29:08 jnemeth Exp $
#
# NOTE: when updating this package, there are two places that sound
# tarballs need to be checked
-DISTNAME= asterisk-10.0.0
-PKGREVISION= 1
+DISTNAME= asterisk-10.0.1
DIST_SUBDIR= ${PKGNAME_NOREV}
DISTFILES= ${DEFAULT_DISTFILES}
EXTRACT_ONLY= ${DISTNAME}.tar.gz
diff -r c9cc369c7bcc -r e41be4ed66cd comms/asterisk10/distinfo
--- a/comms/asterisk10/distinfo Fri Jan 20 07:03:10 2012 +0000
+++ b/comms/asterisk10/distinfo Fri Jan 20 07:29:08 2012 +0000
@@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.1.1.1 2012/01/15 18:36:20 jnemeth Exp $
+$NetBSD: distinfo,v 1.2 2012/01/20 07:29:09 jnemeth Exp $
-SHA1 (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = ffe8c67ce7b34ea5ad098bb06ed8e55e08a291ab
-RMD160 (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = 9f9e4a9a9e5785ffd846f26c331b62dcceafd5bb
-Size (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = 24873318 bytes
-SHA1 (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
-RMD160 (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
-Size (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
-SHA1 (asterisk-10.0.0/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
-RMD160 (asterisk-10.0.0/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
-Size (asterisk-10.0.0/extract-cfile.txt) = 643 bytes
-SHA1 (asterisk-10.0.0/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
-RMD160 (asterisk-10.0.0/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
-Size (asterisk-10.0.0/rfc3951.txt) = 373442 bytes
+SHA1 (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 7a700c3c5b9af28f433f20d4267d5fc71ca32341
+RMD160 (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 289731127e45351047f565acd0f6372cb48cb7d1
+Size (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 24866828 bytes
+SHA1 (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
+RMD160 (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
+Size (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
+SHA1 (asterisk-10.0.1/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
+RMD160 (asterisk-10.0.1/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
+Size (asterisk-10.0.1/extract-cfile.txt) = 643 bytes
+SHA1 (asterisk-10.0.1/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
+RMD160 (asterisk-10.0.1/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
+Size (asterisk-10.0.1/rfc3951.txt) = 373442 bytes
SHA1 (patch-Makefile) = 900252eff84bda22d2cbe09e0f22505531284cbb
SHA1 (patch-apps_app__dial.c) = 2109ed50406dedc90a300981a3a7500b1397ff3a
SHA1 (patch-apps_app__followme.c) = a0a507986ec9722337d46fdaaac0a79d23a634e4
Home |
Main Index |
Thread Index |
Old Index